Re: General MoBlock thread

The moblock_in etc. rules should be placed at the head of the INPUT etc. chains (not at the bottom as in your case).
This will be the case directly after "moblock-control restart". Did you execute this command before the "status" command? Were there any messages? What's in /var/log/moblock-control.log?

Re: General MoBlock thread

Oddly enough, after a system restart and uninstalling Firestarter, MoBlock now works. However, I don't know why. The output of "status" was after restarting MoBlock, and I don't recall there being any messages, though I might have forgotten.

Re: General MoBlock thread

So what I meant to say is:
Every rule in the INPUT chain that is before moblock_in will be processed before the packets get to MoBlock.
You have the targets ACCEPT, DROP and other chains. Other chains themselves do the same: they ACCEPT, DROP or send packets back to INPUT. So we only need to look at ACCEPT and DROP:

If a packet will be DROPped anyway it doesn't matter if it is checked by MoBlock.
But if it gets ACCEPTed it will leave any further iptables processing, so it will not be checked by MoBlock.

Therefore you have to make sure that ACCEPT rules are only before MoBlock if they accept traffic that is not intended to be checked by MoBlock.

One rule is before MoBlock and this rule simply accepts all traffic on the loopback device, which is ok.

So this was the long version of what I meant to say with "the moblock_in rule has to be at the head of the chain and not at the bottom".

Notes:
Since MoBlock 0.9 with the MARKing feature, traffic that is accepted by MoBlock is not ACCEPTed (in the sense that it will leave the iptables processing) but "marked accepted", which means that it will be processed by the other iptables rules.
(To be correct: the packets repeat the whole chain/hook function).
Up to MoBlock 0.8, traffic was ACCEPTed; this is the reason why 0.8 did not work with Firestarter.
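
The ordering check described in the post above, as an added example that is not part of the original thread or of MoBlock itself: it reads the output of "iptables -S INPUT" and lists the ACCEPT rules that are evaluated before the jump to moblock_in, treating the loopback rule as expected. The sample rules and the chain name custom_in are constructed for illustration.

```python
import shlex

# Targets that are not user-defined chains (used to spot jumps worth reviewing).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "QUEUE", "NFQUEUE", "MARK"}

def target_of(tokens):
    """Return the rule's jump/goto target, or None if it has none."""
    for flag in ("-j", "-g"):
        if flag in tokens[:-1]:
            return tokens[tokens.index(flag) + 1]
    return None

def is_loopback(tokens):
    """True for rules limited to the loopback device (-i lo / -o lo, not negated)."""
    for flag in ("-i", "-o"):
        if flag in tokens[:-1]:
            i = tokens.index(flag)
            if tokens[i + 1] == "lo" and (i == 0 or tokens[i - 1] != "!"):
                return True
    return False

def audit_chain(rules_text, chain="INPUT", moblock_chain="moblock_in"):
    """Audit `iptables -S <chain>` output for rules evaluated before MoBlock.

    position  - 1-based index of the jump to moblock_chain, or None if absent
    bypassing - ACCEPT rules ahead of that jump (loopback excepted)
    review    - jumps to other user chains ahead of it, which may ACCEPT too
    """
    position, bypassing, review, index = None, [], [], 0
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        # Only appended rules of the requested chain count; skip "-P" policy lines.
        if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] != chain:
            continue
        index += 1
        target = target_of(tokens)
        if target == moblock_chain:
            position = index
            break  # rules after the jump cannot pre-empt it
        if target == "ACCEPT" and not is_loopback(tokens):
            bypassing.append(line.strip())
        elif target is not None and target not in BUILTIN_TARGETS:
            review.append(line.strip())
    return {"position": position, "bypassing": bypassing, "review": review}

# Constructed sample of `iptables -S INPUT` output (not taken from the thread).
SAMPLE = """-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j custom_in
-A INPUT -j moblock_in
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
```

If position comes back as None, the chain has no jump to moblock_in at all, and every non-loopback ACCEPT rule in the chain is listed under bypassing.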

Re: General MoBlock thread

Hope you can help - am not a Linux expert and know little about firewalls etc., but here goes - hope you can help.

OK - I know I am doing something wrong here - situation so far is:

1) Installed MoBlock through Synaptic, following the instructions on the Ubuntu docs page. I am using Ubuntu 8.04.

I know this from the readme:
In the default configuration MoBlock starts at system boot and some preconfigured blocklists are updated once a day. You can specify the blocklists to use in /etc/moblock/blocklists.list. Everything else (automatic start and update, iptables handling, IP and port whitelisting) is configured in /etc/moblock/moblock.conf. This is important especially if MoBlock blocks sites that it should not block.

2) So I edited the /etc/default/moblock file to include this WHITE_TCP_OUT="http https" and then restarted MoBlock.

BUT it still seems to block everything.

Can anyone tell me what I need to do to get browsing and FTP to work whilst still running MoBlock? I tried mobloquer, which is a GUI, but even using that it doesn't unblock stuff - very odd.

Does this help?

sudo moblock-control status
Current iptables rules (this may take awhile):

Re: General MoBlock thread

I guess you need to whitelist your LAN, including your router, too. If you don't know your local IP check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections that might be "eth0", for wireless connections "wlan0".

Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then whitelist this range with the following lines in /etc/default/moblock:

Code:

WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"

After editing and a "moblock-control restart" you should be fine. Of course you can also do this with mobloquer.

Firestarter is not a firewall itself but it just sets up the Linux firewall: iptables. All your iptables rules do belong to MoBlock, so there is no conflict.